Designing the Logical Structure for Windows Server 2008 AD DS

Active Directory Domain Services (AD DS) in the Windows Server 2008 operating system enables organizations to create a scalable, secure, and manageable infrastructure for user and resource management. It also enables them to support directory-enabled applications.

A well-designed Active Directory logical structure provides the following benefits:

Simplified management of Microsoft® Windows®–based networks that contain large numbers of objects

A consolidated domain structure and reduced administration costs

The ability to delegate administrative control over resources, as appropriate

Reduced impact on network bandwidth

Simplified resource sharing

Optimal search performance

Low total cost of ownership

A well-designed Active Directory logical structure facilitates the efficient integration of such features as Group Policy; desktop lockdown; software distribution; and user, group, workstation, and server administration into your system. In addition, a carefully designed logical structure facilitates the integration of Microsoft and non-Microsoft applications and services, such as Microsoft Exchange Server, public key infrastructure (PKI), and a domain-based distributed file system (DFS).

When you design an Active Directory logical structure before you deploy AD DS, you can optimize your deployment process to best take advantage of Windows Server 2008 Active Directory features. To design the Active Directory logical structure, your design team first identifies the requirements for your organization and, based on this information, decides where to place the forest and domain boundaries. Then, the design team decides how to configure the Domain Name System (DNS) environment to meet the needs of the forest. Finally, the design team identifies the organizational unit (OU) structure that is required to delegate the management of resources in your organization.